1 files changed, 14 insertions, 3 deletions

diff --git a/src/api/s3/put.rs b/src/api/s3/put.rs
index c1af513c..fdcd5aca 100644
--- a/src/api/s3/put.rs
+++ b/src/api/s3/put.rs
@@ -37,6 +37,7 @@ use garage_model::s3::version_table::*;
 
 use crate::helpers::*;
 use crate::s3::api_server::{ReqBody, ResBody};
+use crate::s3::encryption::EncryptionParams;
 use crate::s3::error::*;
 
 const PUT_BLOCKS_MAX_PARALLEL: usize = 3;
@@ -52,6 +53,9 @@ pub async fn handle_put(
 	let headers = get_headers(req.headers())?;
 	debug!("Object headers: {:?}", headers);
 
+	// Determine whether object should be encrypted, and if so the key
+	let encryption = EncryptionParams::new_from_req(&garage, &req)?;
+
 	let content_md5 = match req.headers().get("content-md5") {
 		Some(x) => Some(x.to_str()?.to_string()),
 		None => None,
@@ -62,6 +66,7 @@ pub async fn handle_put(
 	save_stream(
 		garage,
 		headers,
+		encryption,
 		stream,
 		bucket,
 		key,
@@ -75,6 +80,7 @@ pub async fn handle_put(
 pub(crate) async fn save_stream<S: Stream<Item = Result<Bytes, Error>> + Unpin>(
 	garage: Arc<Garage>,
 	headers: ObjectVersionHeaders,
+	encryption: EncryptionParams,
 	body: S,
 	bucket: &Bucket,
 	key: &String,
@@ -92,6 +98,11 @@ pub(crate) async fn save_stream<S: Stream<Item = Result<Bytes, Error>> + Unpin>(
 
 	let first_block = first_block_opt.unwrap_or_default();
 
+	let object_encryption = encryption.encrypt_headers(headers)?;
+	if encryption.is_encrypted() {
+		unimplemented!("encryption in putobject");
+	}
+
 	// Generate identity of new version
 	let version_uuid = gen_uuid();
 	let version_timestamp = next_timestamp(existing_object.as_ref());
@@ -121,7 +132,7 @@ pub(crate) async fn save_stream<S: Stream<Item = Result<Bytes, Error>> + Unpin>(
 			timestamp: version_timestamp,
 			state: ObjectVersionState::Complete(ObjectVersionData::Inline(
 				ObjectVersionMeta {
-					headers,
+					encryption: object_encryption,
 					size,
 					etag: data_md5sum_hex.clone(),
 				},
@@ -152,7 +163,7 @@ pub(crate) async fn save_stream<S: Stream<Item = Result<Bytes, Error>> + Unpin>(
 		uuid: version_uuid,
 		timestamp: version_timestamp,
 		state: ObjectVersionState::Uploading {
-			headers: headers.clone(),
+			encryption: object_encryption.clone(),
 			multipart: false,
 		},
 	};
@@ -190,7 +201,7 @@ pub(crate) async fn save_stream<S: Stream<Item = Result<Bytes, Error>> + Unpin>(
 	let md5sum_hex = hex::encode(data_md5sum);
 	object_version.state = ObjectVersionState::Complete(ObjectVersionData::FirstBlock(
 		ObjectVersionMeta {
-			headers,
+			encryption: object_encryption,
 			size: total_size,
 			etag: md5sum_hex.clone(),
 		},